GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 73
GitHub Actions: 53
Go: 4,029
Maven: 5,000+
npm: 5,000+
NuGet: 976
pip: 5,000+
Pub: 13
RubyGems: 1,070
Rust: 1,404
Swift: 61

Unreviewed advisories
All unreviewed: 5,000+
41 advisories
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an...
Moderate, Unreviewed. CVE-2026-6478 was published May 14, 2026

Bouncy Castle Has Covert Timing Channel Vulnerability
High. CVE-2026-5598 was published for org.bouncycastle:bcprov-jdk14 (Maven) Apr 17, 2026

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as...
Moderate, Unreviewed. CVE-2025-69893 was published Apr 14, 2026

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB...
Moderate, Unreviewed. CVE-2025-66442 was published Apr 1, 2026

OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper
High. CVE-2026-41390 was published for openclaw (npm) Mar 31, 2026

vLLM is vulnerable to timing attack at bearer auth
High. CVE-2025-59425 was published for vllm (pip) Oct 7, 2025

Issue summary: A timing side-channel which could potentially allow remote recovery of the private...
Moderate, Unreviewed. CVE-2025-9231 was published Sep 30, 2025

Timing Attack Vulnerability in SCRAM Authentication
Moderate. CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding...
Moderate, Unreviewed. CVE-2025-49087 was published Jul 20, 2025

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable...
Moderate, Unreviewed. CVE-2025-7396 was published Jul 19, 2025

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack,...
Moderate, Unreviewed. CVE-2025-27587 was published Jun 17, 2025

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Moderate. CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025

Issue summary: A timing side-channel which could potentially allow recovering the private key...
Moderate, Unreviewed. CVE-2024-13176 was published Jan 20, 2025

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This...
High, Unreviewed. CVE-2025-0306 was published Jan 9, 2025

Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications
Moderate. CVE-2024-11862 was published for Devolutions.XTS.NET (NuGet) Nov 27, 2024

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked...
High, Unreviewed. CVE-2023-46809 was published Sep 7, 2024

An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur...
High, Unreviewed. CVE-2024-45192 was published Aug 22, 2024

Observable Timing Discrepancy in pypqc
High. GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication,...
Moderate, Unreviewed. CVE-2024-26306 was published May 14, 2024

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA)...
Low, Unreviewed. CVE-2023-33855 was published Mar 26, 2024

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A...
Moderate, Unreviewed. CVE-2024-25964 was published Mar 25, 2024

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may...
Moderate, Unreviewed. CVE-2024-2236 was published Mar 7, 2024

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High. CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024

m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Moderate. CVE-2023-50781 was published for m2crypto (pip) Feb 5, 2024

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate, Unreviewed. CVE-2024-23170 was published Jan 31, 2024
ProTip! Advisories are also available from the GraphQL API